SkillAgent Search skills...⌘K

Kurasagi

Windows 11 24H2-25H2 Runtime PatchGuard Bypass

Generate Convert Improve

Install / Use

/learn @NeoMaster831/Kurasagi

About this skill

Quality Score

0/100

Category

Development & Engineering

Supported Platforms

Universal

Tags

24h2 25h2 bypass kernel-patch-protection kpp patchguard pg windows windows-11

README

kurasagi

kurasagi is full POC of PatchGuard bypass for Windows 24H2 - 25H2.

For more information, please refer to the product branch, which contains the PDF paper detailing the bypass.

If any BSOD which is related to CRITICAL_STRUCTURE_CORRUPTION (PatchGuard) appears, please create issue with it!

Disclaimers

PLEASE USE IT FOR ONLY EDUCATIONAL PURPOSES!
Do not turn on hypervisor-based security factors when running! (It will BSOD!)
Use kdmapper for driver loading.
After kurasagi has been loaded, we just found there's some weird issue when you allocate pool with NonPagedPoolExecute (or NonPagedPool, it is same), it is not executable. I'll fix as soon as possible.

Images

proof

Credit

Here are the helpful resources I referred to in completing this project. I appreciate these works, ideas, and source codes. Thanks

https://blog.tetrane.com/downloads/Tetrane_PatchGuard_Analysis_RS4_v1.01.pdf
https://blog.can.ac/2024/06/28/pgc-garbage-collecting-patchguard/
https://shhoya.github.io/windows_pgintro.html

NeoMaster831

View profile

GitHub Stars256

CategoryDevelopment

Updated8h ago

Forks30

NeoMaster831/kurasagi

Languages

C++

Security Score

100/100

Audited on Mar 31, 2026

No findings